Is it possible to query freeradius' certificate expiration remotely?
Kev Pearce
email.me at kevp.com
Tue May 2 07:03:04 UTC 2023
You could install a web server on the box, on a nice high port. Then configure it to use the same cert as FR and return a blank 200 page. Then query that…
> On 2 May 2023, at 01:05, Matt H <meh1963 at gmail.com> wrote:
>
> Is it possible to query freeradius' certificate expiration date remotely
> for the cert in /etc/raddb/certs?
>
> I'm trying to set up an alert so there's notification when the cert is <60
> days from requiring renewal.
>
> I'm trying the following but the command returns connection refused on all
> of the ports I expected it to work on:
>
> openssl s_client -servername rad2.domain.com -connect rad2.domain.com:1813
> | openssl x509 -noout -dates
>
> I've tried ports 443, 8080, 88, 1812, 1813, 1645, 1646, and everything else
> I can find that might be listening, to no avail.
>
> Thanks for any guidance
> /mh
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list